High severity7.1NVD Advisory· Published Mar 16, 2026· Updated Apr 9, 2026
CVE-2026-26133
CVE-2026-26133
Description
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Affected products
21cpe:2.3:a:microsoft:365_copilot:*:*:*:*:*:android:*:*+ 2 more
- cpe:2.3:a:microsoft:365_copilot:*:*:*:*:*:android:*:*range: <16.0.19815.10000
- cpe:2.3:a:microsoft:365_copilot:*:*:*:*:*:iphone_os:*:*range: <2.107.2
- (no CPE)
cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*+ 1 more
- cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*range: <16.0.19822.20038
- cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:iphone_os:*:*range: <2.106.2
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133nvdVendor Advisory
News mentions
0No linked articles in our index yet.